From 447da7bed85334bb0f8e613ead2495e0ba16a03a Mon Sep 17 00:00:00 2001
From: "rongfu.leng"
Date: Tue, 13 Dec 2022 15:52:20 +0800
Subject: [PATCH] add containerd config_path
Signed-off-by: rongfu.leng
---
 .../containerd/tasks/main.yml | 30 +++++++++++++++++++
 .../containerd/templates/config.toml.j2 | 1 +
 2 files changed, 31 insertions(+)
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index 03b9668d9..e374a979e 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -56,6 +56,15 @@
 - containerd-shim-runc-v2
 - ctr

+- name: containerd | Create certs.d directories
+ file:
+ path: "{{ containerd_cfg_dir }}/{{ item }}"
+ state: directory
+ mode: 0755
+ with_items:
+ - certs.d
+ run_once: true
+
 - name: containerd | Generate systemd service for containerd
 template:
 src: containerd.service.j2
@@ -111,6 +120,27 @@
 mode: 0640
 notify: restart containerd

+- name: containerd | Create registry directories
+ file:
+ path: "{{ containerd_cfg_dir }}/certs.d/{{ item }}"
+ state: directory
+ mode: 0755
+ with_items: "{{ containerd_insecure_registries }}"
+ run_once: true
+
+- name: containerd | Write hosts.toml file
+ blockinfile:
+ path: "{{ containerd_cfg_dir }}/certs.d/{{ item }}/hosts.toml"
+ owner: "root"
+ mode: 0640
+ create: true
+ block: |
+ server = "https://{{ item }}"
+ [host."https://{{ item }}"]
+ capabilities = ["pull", "resolve", "push"]
+ skip_verify = true
+ with_items: "{{ containerd_insecure_registries }}"
+
 # you can sometimes end up in a state where everything is installed
 # but containerd was not started / enabled
 - name: containerd | Flush handlers
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index c1bda12b8..ecd594a71 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
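Review bot: `run_once: true` on "containerd | Create certs.d directories" makes the `file` task run on only one host of the play, so the remaining nodes do not get `{{ containerd_cfg_dir }}/certs.d` from this task even though every node's config.toml is pointed at it. The same flag is on "containerd | Create registry directories" in the second hunk of this file, while "Write hosts.toml file" there runs on every host. I would drop `run_once: true` from both directory tasks. Quoting the mode as `mode: "0755"` would also avoid depending on YAML's octal parsing.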
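Review bot: The `block` of "containerd | Write hosts.toml file" writes `skip_verify = true` together with `capabilities = ["pull", "resolve", "push"]`, so for each entry of `containerd_insecure_registries` the node accepts any server certificate and also permits push over that unverified connection. The CRI image path only pulls and resolves, so `capabilities = ["pull", "resolve"]` would be the narrower setting. The task also carries no comment saying that verification is off on purpose; something like `# insecure registries: TLS verification is disabled, so the transport does not authenticate these hosts` above it would make that visible to operators. The block hard-codes `https://`, and whether entries can be plain-HTTP registries is not visible in this hunk.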
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -47,6 +47,7 @@ oom_score = {{ containerd_oom_score }}
 runtime_type = "io.containerd.runsc.v1"
 {% endif %}
 [plugins."io.containerd.grpc.v1.cri".registry]
+ config_path = "{{ containerd_cfg_dir }}/certs.d"
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 {% for registry, addr in containerd_registries.items() %}
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
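Review bot: `config_path` is set unconditionally on the `registry` table while the lines right below it still render `[plugins."io.containerd.grpc.v1.cri".registry.mirrors]` entries from `containerd_registries`. As far as I know containerd's CRI plugin treats `config_path` and inline `mirrors` as mutually exclusive and rejects a configuration that sets both, so this should be verified against the containerd versions the role supports. If confirmed, the mirrors need to move into `hosts.toml` files under `certs.d` as well, or the template should emit only one of the two. A template comment such as `{# config_path and registry.mirrors must not both be rendered #}` next to the new line would record the constraint. The `for` loop continues outside the hunk.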